[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
TLS secure connection to an LDAP server
Hi there,
I am trying to secure connections to my ldap server by
using TLS.
I created a certificate for my server. The certicate
verification was OK (openssl verify -CAfile
/path/to/ca.pem /path/to/my_ldap_srv_certificate).
On my slapd.conf file I set TLSCACertificateFile,
TLSCertificate and TLSCertificateKeyFile paths.
I ran my server on the two default ports 389 (ldap)
and 636 (ldaps) using this command: 'slapd -d127 -h
"ldap:/// ldaps:///'.
Once checking the SSL conection (by running the
command: 'openssl s_client -connect localhost:636
-showcerts -state -CAfile /path/to/ca.pem'), I get the
following output:
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL3 alert read:fatal:handshake failure
SSL_connect:error in SSLv2/v3 read server hello A
2338:error:14077410:SSL
routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
failure:s23_clnt.c:470:
My server's debug output shows:
TLS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_accept:error in SSLv3 read client
hello B
TLS trace: SSL_accept:error in SSLv3 read client
hello B
TLS: can't accept.
TLS: error:1408A0C1:SSL
routines:SSL3_GET_CLIENT_HELLO:no shared cipher
s3_srvr.c:882
connection_read(8): TLS accept error error=-1 id=0,
closing
connection_closing: readying conn=0 sd=8 for close
connection_close: conn=0 sd=8
daemon: removing 8
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
I can't guess what could be the error. Do you please
have any suggestion?
I am using OpenSSH_3.5p1 with OpenLDAP 2.1.22 on a Red
Hat box.
Thank you in advance!
__________________________________________________________________
Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails !
Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/